Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-08-11 CVE-2017-9556 Cross-site Scripting vulnerability in Synology Video Station
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.
network
low complexity
synology CWE-79
5.4
5.4
2017-08-10 CVE-2017-12798 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
network
low complexity
nexusphp-project CWE-79
6.1
6.1
2017-08-10 CVE-2016-6812 Cross-site Scripting vulnerability in Apache CXF
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints.
network
low complexity
apache CWE-79
6.1
6.1
2017-08-10 CVE-2017-1431 Cross-site Scripting vulnerability in IBM Infosphere Streams
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-08-10 CVE-2017-1168 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-08-09 CVE-2017-12777 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
network
low complexity
nexusphp-project CWE-79
6.1
6.1
2017-08-09 CVE-2016-6121 Cross-site Scripting vulnerability in IBM products
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-08-09 CVE-2014-9701 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
network
low complexity
mantisbt CWE-79
6.5
6.5
2017-08-09 CVE-2014-6393 Cross-site Scripting vulnerability in Openjsf Express
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
network
low complexity
openjsf CWE-79
6.1
6.1
2017-08-09 CVE-2014-5144 Cross-site Scripting vulnerability in Telescopeapp Telescope 0.9.0
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
network
low complexity
telescopeapp CWE-79
5.4
5.4